diff options
| author | Hendrik Jäger <gitcommit@henk.geekmail.org> | 2023-09-15 13:42:03 +0200 |
|---|---|---|
| committer | Hendrik Jäger <gitcommit@henk.geekmail.org> | 2023-09-15 13:42:03 +0200 |
| commit | 9507d7c1ce4a048e2c478851739238a64f0c8823 (patch) | |
| tree | 3250866265d8e5afffde279f66be90f024894f24 | |
| parent | 4d481b38fdabe061a56a9f244fda1bae70c8aa46 (diff) | |
update rules
| -rw-r--r-- | files/etc/logcheck/ignore.d.server/local-dovecot | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/files/etc/logcheck/ignore.d.server/local-dovecot b/files/etc/logcheck/ignore.d.server/local-dovecot index 2d0b6f4..bc1c4b5 100644 --- a/files/etc/logcheck/ignore.d.server/local-dovecot +++ b/files/etc/logcheck/ignore.d.server/local-dovecot @@ -40,8 +40,6 @@ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Aborted login|Disconnected): Connection closed \(.*\): user=<[[:alnum:]@_.-]*>, method=[[:alnum:]-]+, rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, (TLS|SSL)(, session=<[[:alnum:]/+]+>)?$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Aborted login|Disconnected): Connection closed \(.*\): user=<>, rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, (TLS|SSL)( handshaking)?:? Connection closed(, session=<[[:alnum:]/+]+>)?$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Aborted login|Disconnected): Connection closed \(.*\): user=<>, rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+(, (TLS|SSL))?(, session=<[[:alnum:]/+]+>)?$ -^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Aborted login|Disconnected): Disconnected: Too many bad commands \(.*\): user=<>, rip=[[:xdigit:].:]+, lip=[[:xdigit:].:]+( TLS,)(, session=<[[:alnum:]/+]+>)?$ -^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Aborted login|Disconnected): Disconnected: Too many bad commands \(.*\): user=<>, rip=[[:xdigit:].:]+, lip=[[:xdigit:].:]+, (TLS|SSL)( handshaking)?:?( session=<[[:alnum:]/+]+>)?$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Aborted login|Disconnected): Inactivity during authentication \(.*\): user=<[[:alnum:]@_.-]*>, method=[[:alnum:]-]+, rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, (TLS|SSL)( handshaking)?:? Connection closed(, session=<[[:alnum:]/+]+>)?$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Aborted login|Disconnected): Inactivity during authentication \(.*\): user=<[[:alnum:]@_.-]*>, method=[[:alnum:]-]+, rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, (TLS|SSL)( handshaking)?:? Disconnected(, session=<[[:alnum:]/+]+>)?$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Aborted login|Disconnected): Inactivity during authentication \(.*\): user=<[[:alnum:]@_.-]*>, method=[[:alnum:]-]+, rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, (TLS|SSL)( handshaking)?:? (SSL_accept|SSL_read)\(?\)? syscall failed: .*$ @@ -55,9 +53,8 @@ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Aborted login|Disconnected): Inactivity \(.*\):( user=<[[:alnum:]@_.-]*>,)?( method=[[:alnum:]-]+,)? rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, (TLS|SSL)( handshaking)?:? (SSL_accept|SSL_read)\(?\)? failed: .*$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Aborted login|Disconnected): Inactivity \(.*\):( user=<[[:alnum:]@_.-]*>,)?( method=[[:alnum:]-]+,)? rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, (TLS|SSL)( handshaking)?:? (SSL_accept|SSL_read)\(?\)? syscall failed: .*$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Aborted login|Disconnected): Inactivity \(.*\):( user=<[[:alnum:]@_.-]*>,)?( method=[[:alnum:]-]+,)? rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, (TLS|SSL)(, session=<[[:alnum:]/+]+>)?$ -^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Aborted login|Disconnected): Too many bad commands\.? \(.*\): user=<>, rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, (TLS|SSL)(, session=<[[:alnum:]/+]+>)?$ -^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Aborted login|Disconnected): Too many invalid commands\.? \(.*\): user=<>, rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+(, session=<[[:alnum:]/+]+>)?$ -^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Aborted login|Disconnected): Too many invalid commands\.? \(.*\): user=<>, rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, (TLS|SSL)(, session=<[[:alnum:]/+]+>)?$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Aborted login|Disconnected):( Disconnected:)? Too many bad commands \(.*\): user=<>, rip=[[:xdigit:].:]+, lip=[[:xdigit:].:]+(, (TLS|SSL))?(, session=<[[:alnum:]/+]+>)?$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Aborted login|Disconnected): Too many invalid commands\.? \(.*\): user=<>, rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+(, (TLS|SSL))?(, session=<[[:alnum:]/+]+>)?$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Aborted login|Disconnected) \(.*\):( user=<[[:alnum:]@_.-]*>,)?( method=[[:alnum:]-]+,)? rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, mpid=[[:digit:]]+, (TLS|SSL)( handshaking)?:? Disconnected(, session=<[[:alnum:]/+]+>)?$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Aborted login|Disconnected) \(.*\):( user=<[[:alnum:]@_.-]*>,)?( method=[[:alnum:]-]+,)? rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, mpid=[[:digit:]]+, (TLS|SSL)( handshaking)?:? handshake: Disconnected(, session=<[[:alnum:]/+]+>)?$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Aborted login|Disconnected) \(.*\):( user=<[[:alnum:]@_.-]*>,)?( method=[[:alnum:]-]+,)? rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, mpid=[[:digit:]]+, (TLS|SSL)( handshaking)?:? handshake(, session=<[[:alnum:]/+]+>)?$ |